Data protection and the use of biometric data in the EU

Abstract

This article is concerned with the legal approach to the regulation of biometrics in European policy making. It is observed that the latter is based mainly on a data protection perspective. From this data protection point of view, the handling of biometric data in the EU would benefit from a more stringent application of the purpose binding principle. Further, it is demonstrated that more thorough impact assessments could become the cornerstone for legal assessments of the application of data protection principles in individual biometric projects such as EURODAC. The conclusion is that the current approach to informational trends and biometrics will have to develop beyond personal data protection towards a more comprehensive notion of societal data protection through privacy enhancing data and identity management. Within this wider framework, data protection should be able to deal with the use of biometrics and multiple layers and concepts of privacy created by the information society as it is developing. © 2008 International Federation for Information Processing.